Edgecution: Malicious Edge Extension Abuses Native Messaging to Escape Browser Sandbox
By
ThreatLabz
Summary
ThreatLabz has uncovered "Edgecution," a malicious attack that uses a rogue Microsoft Edge browser extension combined with a Python script to escape the browser sandbox. The attack abuses Chrome's native messaging feature — which is also supported by Chromium-based Edge — to allow the extension to communicate with a Python script running outside the sandbox, giving it access to the local filesystem and operating system. The article provides a technical breakdown of the initial access vector, how the malicious extension is deployed, and how each component (the Edge extension and the Python bridge) works together to backdoor compromised hosts.
Source
Key quotes
· 3 pulledThe latter serves as a bridge between traditional browser sandboxes that are designed to limit access to the local system.
Chrome-based browsers support native messaging to enable third-party applications to perform activities outside of the sandbox and access the filesystem and operating system.
ThreatLabz exposes Edgecution: a rogue Edge extension that abuses Chrome native messaging to escape the browser sandbox and backdoor compromised hosts.
You might also wanna read
GitHub Repository Maintains Database of Malicious Chrome and Edge Extensions
This article describes a GitHub repository called 'malicious_extension_sentry' that maintains an automatically updated database of Chrome an
AI-Generated Browser Ransomware Abuses Chromium API on Windows, Linux, macOS, Android
Google Chrome enters final phase of Manifest V2 deprecation, ending uBlock Origin bypasses; Edge and Opera to follow
Google Chrome is entering the final phase of deprecating Manifest V2 (MV2) extensions, including uBlock Origin and similar ad-blocking tools
Google Chrome enters final phase of Manifest V2 deprecation, ending uBlock Origin bypasses; Edge and Opera to follow
Google Chrome is entering the final phase of deprecating Manifest V2 (MV2) extensions, including uBlock Origin and similar ad-blocking tools
Malicious Perplexity Chrome Extension Intercepted Searches and Address Bar Input

The Security Risks of Browser Extensions and Developer Tools in Modern Workflows
This article examines the security risks associated with browser extensions and developer tools in modern software ecosystems. It highlights

Comments
Sign in to join the conversation.
No comments yet. Be the first.